Many different types of encryption are known and contemplated by this disclosure. For examples, AES (advanced encryption standard), RSA, shared key, and others. The input into an encryption module is often referred to as “plaintext,” and the output after encryption is often referred to as “ciphertext.” Many of these encryption methodologies are use with credit card numbers, social security numbers, and other confidential information before transmission and/or storage of that information. In systems where confidential information is accepted only as a predetermined number of characters (e.g., sixteen-digit credit card number, nine-digit social security number, and others), encryption must take this requirement into account. One encryption methodology that meets this requirement is known as format-preserving encryption (FPE).
Online resource Wikipedia teaches examples of format-preserving encryption (FPE). Block ciphers traditionally work over a binary alphabet, i.e., both the input and the output are binary strings of n zeroes and ones. In some situations, however, a block cipher may be used that works over some other alphabet; for example, encrypting a plaintext 16-digit credit card number in such a way that the ciphertext is also a 16-digit number might facilitate adding an encryption layer to legacy software, such as is the example with FPE. More generally, FPE sometimes uses a keyed permutation on some finite language. A key is sometimes understood to be a secret bit string that parameterizes the permutation for a given block cipher. Meanwhile, some encryption schemes, such as cipher block chaining (CBC), are not permutations because the same plaintext can encrypt to multiple different ciphertexts, even when using a fixed key.
Moreover, various methods of FPE are described in the March 2016, National Institute of Standards and Technology's special publication number 800-38G entitled, “Recommendation for Block Cipher: Modes of Operation: Methods for Format-Preserving Encryption,” which is herein incorporated by reference in its entirety of 28 pages and a copy of which is concurrently submitted in an Information Disclosure Statement with the filing of this application.
In addition to the challenge of encrypting data, there exists a technological challenge in managing encryption keys (e.g., generating, distributing, tracking, maintaining, and other operations involving keys). This challenge becomes markedly complex as new encryption keys are introduced into the technological ecosystem.
The aforementioned prior art solutions include various drawbacks and shortcomings leaving much room for improvement.